Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2022 Ran by Marie (26-05-2022 17:57:10) Running from C:\Users\Marie\Desktop Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) (2022-05-20 23:14:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2964040095-1466076873-307546714-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2964040095-1466076873-307546714-503 - Limited - Disabled) Guest (S-1-5-21-2964040095-1466076873-307546714-501 - Limited - Disabled) Marie (S-1-5-21-2964040095-1466076873-307546714-1001 - Administrator - Enabled) => C:\Users\Marie WDAGUtilityAccount (S-1-5-21-2964040095-1466076873-307546714-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus Free Antimalware (Enabled - Out of date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 18.05 (x64) (HKLM-x32\...\7-Zip) (Version: 18.05 - Igor Pavlov) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{9D569A6E-C9DF-490E-93E0-7AFD28D1F9BB}) (Version: 20.23.401.14519 - Alcor Micro Corp.) ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.) ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS) ASUS Input Configuration (HKLM-x32\...\{7DDF7571-64BD-4232-9729-20FF10CE6C62}) (Version: 1.0.3 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.) ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.11 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0047 - ASUS) Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.1.19 - ICEpower a/s) Bitdefender Agent (HKLM-x32\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender) Bitdefender Antivirus Free (HKLM-x32\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.17.192 - Bitdefender) Blender (HKLM-x32\...\{D6E38255-FB12-4724-A6FF-075B43272C66}) (Version: 2.92.0 - Blender Foundation) calibre 64bit (HKLM-x32\...\{0FD8DB9D-5D78-4919-9413-0940F43334DD}) (Version: 4.23.0 - Kovid Goyal) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.) Canon MX530 series MP Drivers (HKLM-x32\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX530_series) (Version: 1.01 - Canon Inc.) Canon MX530 series On-screen Manual (HKLM-x32\...\Canon MX530 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon MX530 series User Registration (HKLM-x32\...\Canon MX530 series User Registration) (Version: - ‭Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.) Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com) Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.) DiagnosticsHub_CollectionService (HKLM-x32\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.) Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{9EC04694-BDDB-470F-9986-4D8A059D64C5}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden f.lux (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\Flux) (Version: - f.lux Software LLC) Gadget Collection version 1.0 (HKLM-x32\...\{99807D63-6EE7-424B-9F30-B581CD2E5795}_is1) (Version: 1.0 - Zomb's Lair) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 101.0.4951.67 - Google LLC) icecap_collection_neutral (HKLM-x32\...\{705A0B76-17AA-47A8-A363-243C1A9E65AA}) (Version: 16.2.29111 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM-x32\...\{D7609B51-0FF2-40C8-81B6-FF525B16E425}) (Version: 16.2.29111 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{911B9EB8-F286-4324-8493-5FF9D2F00486}) (Version: 16.2.29111 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{112C7251-6110-40E3-8FE7-7D0F53D96995}) (Version: 16.1.28829 - Microsoft Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{3AE6FD56-D431-4B53-94F0-95E844206ADF}) (Version: 10.1.1.32 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{8E1338CD-2B65-47CB-94F1-8092443EC46B}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{E04E7192-DD1D-4266-80F3-D5C94E264B9D}) (Version: 11.5.0.1015 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7325 - Intel Corporation) Intel(R) Serial IO (HKLM-x32\...\{958B0D39-70C4-4C0A-A09C-2DBC9DF499FF}) (Version: 30.63.1620.03 - Intel Corporation) Hidden Intel(R) Serial IO (HKLM-x32\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{09B8FFA4-5222-4271-8AA9-CDC98AD64863}) (Version: 18.1.1613.3274 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{0961a92c-ad83-40dd-a0fc-29ba41e5349d}) (Version: 20.50.3 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM-x32\...\{9E9EC22E-5FB0-40D1-AC22-C3700EA76185}) (Version: 20.50.3.1498 - Intel Corporation) Hidden Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM-x32\...\{3973721B-C2ED-4505-98B6-752897ECF2F1}) (Version: 1.42.680.1 - Intel Corporation) Hidden IntelliTraceProfilerProxy (HKLM-x32\...\{1C92D642-AD8C-4319-8E7B-5D6AA55F430B}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden King of Dragon Pass (HKLM-x32\...\King of Dragon Pass_is1) (Version: - GOG.com) Malwarebytes version 4.5.9.198 (HKLM-x32\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes) Microsoft OneDrive (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\OneDriveSetup.exe) (Version: 22.089.0426.0003 - Microsoft Corporation) Mozilla Firefox (x64 en-GB) (HKLM-x32\...\Mozilla Firefox 100.0.2 (x64 en-GB)) (Version: 100.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla) Notepad++ (64-bit x64) (HKLM-x32\...\Notepad++) (Version: 7.6 - Notepad++ Team) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20146 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM-x32\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20248 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) paint.net (HKLM-x32\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC) Pathologic Classic HD (HKLM-x32\...\1444818876_is1) (Version: 2.0.0.1 - GOG.com) Pentablet version 1.6.4.200810 (HKLM-x32\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 1.6.4.200810 - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8858.1 - Realtek Semiconductor Corp.) RPG Maker 2000 RTP 1.60 (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\RPG Maker 2000 RTP) (Version: 1.60 - KADOKAWA GAMES) RPG Maker 2003 RTP 1.10a (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\RPG Maker 2003 RTP) (Version: 1.10a - KADOKAWA GAMES) RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain) RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain) Skype version 8.64 (HKLM-x32\...\Skype_is1) (Version: 8.64 - Skype Technologies S.A.) SoulseekQt version 2019.7.22 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2019.7.22 - Soulseek LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) System Shock 2 (HKLM-x32\...\1207659172_is1) (Version: 2.46_nd - GOG.com) Thief 2 - The Metal Age (HKLM-x32\...\GOGPACKTHIEF2_is1) (Version: 2.0.0.18 - GOG.com) Thief GOLD (HKLM-x32\...\GOGPACKTHIEF1GOLD_is1) (Version: 2.0.0.46 - GOG.com) Thief Gold (HKLM-x32\...\Thief Gold_is1) (Version: - GOG.com) Ultimate Doom Builder (HKLM-x32\...\Ultimate Doom Builder_is1) (Version: - ZZYZX) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM-x32\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden vcpp_crt.redist.clickonce (HKLM-x32\...\{BFFDC70B-C973-41D3-B009-E64E08230E7D}) (Version: 14.22.27821 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{78500789-0EBE-4490-BE43-F9EF8250BF42}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM-x32\...\{4137D3AB-5B44-4AC9-83A4-5273F2E2547E}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{213DB54D-B2BA-4517-B126-21514CAA79D3}) (Version: 16.2.29111 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{19A2A8BC-4971-415D-84BF-11FD94BC7C30}) (Version: 16.2.29012 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{B6302FE7-B486-490B-AEE8-CB7858DD1B6F}) (Version: 16.2.29012 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{7E846069-BA07-434B-9037-ECDCFFFEEF97}) (Version: 16.2.29006 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{9DB417AD-0662-44E9-989F-E7102C5CC386}) (Version: 16.2.29111 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{92B3118C-3214-4BFA-89A0-5FF5EDFA2AEA}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\WhatsApp) (Version: 0.3.2386 - WhatsApp) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.1 - ASUS) Yume Nikki 0.10 English (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\Yume Nikki 0.10 English) (Version: - ) Zoom (HKU\S-1-5-21-2964040095-1466076873-307546714-1001\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.) Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-05-23] (Canon Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-05-23] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-16] (Microsoft Corporation) Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.0.30391.0_x64__8wekyb3d8bbwe [2022-05-23] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-13] (Notepad++ -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxDTCM.dll [2019-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-25] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Marie\Desktop\Media\old work\MISC STUFF I WAS SCARED TO DELETE\First user - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Marie\Desktop\Media\old work\MISC STUFF I WAS SCARED TO DELETE\Marie - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=fahmaaghhglfmonjliepjlchgpgfmobi ShortcutWithArgument: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi ==================== Loaded Modules (Whitelisted) ============= 2016-10-12 22:17 - 2016-10-12 22:17 - 000125440 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2016-10-12 22:17 - 2016-10-12 22:17 - 000033280 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2020-11-30 16:32 - 2022-03-04 03:23 - 126965248 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll 2020-11-30 16:32 - 2021-11-17 12:38 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll 2020-11-30 16:32 - 2021-11-17 12:38 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll 2016-10-12 22:17 - 2016-10-12 22:17 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll 2016-10-12 22:17 - 2016-10-12 22:17 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll 2016-10-12 22:17 - 2016-10-12 22:17 - 000165888 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll 2020-09-16 18:19 - 2017-07-05 13:49 - 000593920 _____ (CANON INC.) [File not signed] [File is in use] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll 2020-09-17 17:44 - 2013-08-02 08:43 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL 2020-09-17 17:44 - 2013-08-02 08:42 - 000307200 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll 2020-09-16 18:19 - 2017-07-05 13:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll 2020-03-07 22:54 - 2013-09-11 16:50 - 000360448 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL 2018-12-02 14:13 - 2018-04-30 13:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2020-04-20 15:02 - 2020-04-20 15:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll 2020-04-20 15:02 - 2020-04-20 15:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll 2020-11-30 16:32 - 2022-03-04 03:23 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-07] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\dotnet\;C:\Program Files\Calibre2\ HKU\S-1-5-21-2964040095-1466076873-307546714-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie\Desktop\Media\zones\hiorns-seizure-25.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C81CC052-9070-4EC1-AE45-70681B02FC41}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{841673A6-4526-4891-AACF-94C958BCDD43}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{9CC1CE52-5F65-4ECC-8468-89B6057E55C5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{1B65BD1D-9138-4EA2-BB8F-FD079FFB5727}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [TCP Query User{A9F1F5EA-C510-41D4-9CC1-3AD05C9E6802}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{063FC622-FF54-41A7-BBB1-A3C1BE6F4E9C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 23-05-2022 16:27:59 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (05/26/2022 11:41:40 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (05/26/2022 11:13:23 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (05/26/2022 11:08:56 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Cortana.exe version 4.2204.13303.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2a88 Start Time: 01d870e895583948 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe Report Id: 8f09d01d-aa5f-4671-b113-6965f483573b Faulting package full name: Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce Error: (05/25/2022 09:27:06 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (05/25/2022 09:26:48 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7c25e531-305d-457f-a613-0e246f265369} Error: (05/25/2022 03:05:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 23.5.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2b1c Start Time: 01d8703fc48a0f4c Termination Time: 30 Application Path: C:\Users\Marie\Desktop\Tools\FRST64.exe Report Id: 6a8d5eab-3995-4013-b99a-11be515a1742 Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (05/25/2022 01:59:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CNQMUPDT.EXE, version: 2.8.5.0, time stamp: 0x595c7036 Faulting module name: combase.dll, version: 10.0.19041.1682, time stamp: 0xccf6903a Exception code: 0xc0000005 Fault offset: 0x000a2824 Faulting process ID: 0x3730 Faulting application start time: 0x01d870372c8b2230 Faulting application path: C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE Faulting module path: C:\WINDOWS\System32\combase.dll Report ID: dbb5e360-cdec-4328-a1dd-6fdedf2f61e2 Faulting package full name: Faulting package-relative application ID: Error: (05/23/2022 11:56:59 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . System errors: ============= Error: (05/26/2022 04:23:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Display - 26.20.100.7325. Error: (05/26/2022 12:12:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (05/26/2022 12:12:17 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Marie\AppData\Local\Temp\ehdrv.sys Error: (05/26/2022 12:12:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (05/26/2022 12:12:16 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Marie\AppData\Local\Temp\ehdrv.sys Error: (05/26/2022 12:12:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (05/26/2022 12:12:16 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Marie\AppData\Local\Temp\ehdrv.sys Error: (05/26/2022 12:12:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Windows Defender: ================ Date: 2022-05-26 13:45:49 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0 Name: PUA:Win32/Keygen Severity: Low Category: Potentially Unwanted Software Path: file:_C:\Users\Marie\Downloads\Clip_Studio_Paint_EX_1.8.2.fix\Crack\Keygen-1.8.2.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\Marie\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Security intelligence Version: AV: 1.367.495.0, AS: 1.367.495.0, NIS: 1.367.495.0 Engine Version: AM: 1.1.19200.6, NIS: 1.1.19200.6 Date: 2022-05-25 22:21:28 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-05-25 15:11:18 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-05-25 15:01:18 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner!MSR&threatid=2147743972&enterprise=0 Name: Trojan:Win32/CoinMiner!MSR Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450; file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\Marie\Desktop\Tools\FRST64.exe Security intelligence Version: AV: 1.367.457.0, AS: 1.367.457.0, NIS: 1.367.457.0 Engine Version: AM: 1.1.19200.6, NIS: 1.1.19200.6 Date: 2022-05-25 15:01:17 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner!MSR&threatid=2147743972&enterprise=0 Name: Trojan:Win32/CoinMiner!MSR Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\Marie\Desktop\Tools\FRST64.exe Security intelligence Version: AV: 1.367.457.0, AS: 1.367.457.0, NIS: 1.367.457.0 Engine Version: AM: 1.1.19200.6, NIS: 1.1.19200.6  CodeIntegrity: =============== Date: 2022-05-26 11:44:06 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2022-05-26 11:42:11 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2022-05-25 22:20:46 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. UX330UAK.315 04/19/2019 Motherboard: ASUSTeK COMPUTER INC. UX330UAK Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Percentage of memory in use: 83% Total physical RAM: 8077.25 MB Available physical RAM: 1313.08 MB Total Virtual: 11165.62 MB Available Virtual: 1563.65 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:475.36 GB) (Free:120.33 GB) (Model: Micron_1100_MTFDDAV512TBN) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{fdc253f9-eac6-4428-916f-4ce085b83e79}\ () (Fixed) (Total:0.52 GB) (Free:0.05 GB) NTFS \\?\Volume{673d29a5-520f-446d-82f4-f8f67091c820}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.44 GB) NTFS \\?\Volume{cb042d9b-634c-4cba-bd86-5ae9561d65f8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: B4A946F2) Partition: GPT. ==================== End of Addition.txt =======================